BIP32 is an HMAC based keypair derivation scheme that permits public parent
-> public child and private parent -> private child derivations. It is best
documented here:
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
My understanding is that the arithmetic is not specific to Bitcoin's use
of secp256k1. I believe it has similar properties to all hash-based ratchet
schemes. The primary problem is that the loss of the root private key and
chaincode (additional entropy) would result in the compromise of all
messages sent by the user.
On Thu, Aug 28, 2014 at 6:43 PM, Tom Ritter <tom at ritter.vg> wrote:
> So I'm not claiming to have studied IBE in depth, but....
>
> While thinking about PGP and subkeys today, I started wondering about
> an IBE-like or BIP-32-like system, where if you have a public key, you
> can generate a new public key for a 'tag', and given a private key and
> a tag you can generate the tag's private key.
>
> This would let you publish a master key (like in PGP) and then people
> who want to communicate with you over, say, 'OTR' or 'ZRTP' can
> generate a service subkey for you automatically, and you can generate
> the corresponding private service subkey, even after they've generated
> a public key.
>
> You'd have to do an ugly dance about revoked service keys, like
> publish a linked list with your master key 'OTR' -> 'OTR_2'.
>
> -tom
>
> PS: This was also in no way influenced by my
> subkey-expiration-without-noticing a week ago ;)
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
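Added worked example (not code from the original post or from any BIP32 reference implementation): a minimal pure-Python implementation of the two non-hardened BIP32 derivations the reply above describes, written from the CKD definitions in the linked BIP-0032 document. Private parent -> private child is k_i = (I_L + k_par) mod n and public parent -> public child is K_i = I_L*G + K_par, where I = HMAC-SHA512(key=c_par, data=ser_P(K_par) || ser32(i)), I_L is the first 32 bytes of I and the second 32 bytes are the child chaincode. The secp256k1 constants are the standard ones; the root key, chaincode and index are constructed demo values, and the function names (ckd_priv, ckd_pub, recover_parent_priv, demo) are this example's own. Beyond what the post states, recover_parent_priv shows the property that matters for a public "service subkey" scheme like the one Tom sketches, where the chaincode would have to be published with the master key: whoever holds the parent public key and chaincode and learns a single non-hardened child private key recovers the parent private key as k_par = k_i - I_L mod n. BIP32 states this equivalence in its security section and defines hardened derivation to avoid it; hardened derivation is omitted here because it has no public-parent -> public-child form.

```python
# Added example: BIP32-style non-hardened child key derivation over secp256k1,
# pure Python 3.8+ (pow(x, -1, p) for modular inverse), no third-party code.
import hashlib
import hmac

# secp256k1 domain parameters (standard constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # p1 == -p2 (also covers doubling a point with y == 0)
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_mul(k, point=G):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def ser_p(point):
    """33-byte compressed SEC encoding, BIP32's ser_P."""
    x, y = point
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def _hmac_i(K_par, c_par, i):
    """I = HMAC-SHA512(key=c_par, data=ser_P(K_par) || ser32(i)); non-hardened only."""
    assert i < 0x80000000, "non-hardened index required"
    I = hmac.new(c_par, ser_p(K_par) + i.to_bytes(4, "big"), hashlib.sha512).digest()
    il = int.from_bytes(I[:32], "big")
    assert il < N, "BIP32: I_L >= n, skip this index (probability ~2^-128)"
    return il, I[32:]


def ckd_priv(k_par, c_par, i):
    """CKDpriv: private parent -> private child, k_i = (I_L + k_par) mod n."""
    il, c_i = _hmac_i(ec_mul(k_par), c_par, i)
    return (il + k_par) % N, c_i


def ckd_pub(K_par, c_par, i):
    """CKDpub: public parent -> public child, K_i = I_L*G + K_par. No private key used."""
    il, c_i = _hmac_i(K_par, c_par, i)
    return ec_add(ec_mul(il), K_par), c_i


def recover_parent_priv(K_par, c_par, i, k_i):
    """Parent public key + chaincode + one non-hardened child private key
    gives the parent private key: k_par = (k_i - I_L) mod n."""
    il, _ = _hmac_i(K_par, c_par, i)
    return (k_i - il) % N


# Constructed demo values (not taken from the page): a root key and chaincode.
ROOT_K = int.from_bytes(hashlib.sha256(b"demo root private key").digest(), "big") % N
ROOT_C = hashlib.sha256(b"demo chaincode").digest()


def demo(i=7):
    """Return (public-path child == private-path child, recovered root == root)."""
    k_i, c_i = ckd_priv(ROOT_K, ROOT_C, i)
    K_i, c_i2 = ckd_pub(ec_mul(ROOT_K), ROOT_C, i)
    paths_agree = ec_mul(k_i) == K_i and c_i == c_i2
    recovered = recover_parent_priv(ec_mul(ROOT_K), ROOT_C, i, k_i) == ROOT_K
    return paths_agree, recovered


if __name__ == "__main__":
    print(demo())
```

The first result confirms the two derivation paths meet (the public child computed from the parent public key alone equals the public key of the privately derived child), which is what lets a correspondent derive a service subkey without the master private key; the second is the caveat, and it also restates the reply's point in code: ROOT_K together with ROOT_C reproduces every child private key.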